AChoir Windows Live Artifacts Acquisition Scripting Framework


#Incident Management#Digital Forensics



Every Incident Responder Eventually Comes to a Key Realization

Every Incident Responder ultimately realizes the importance of scripting their preferred Live Acquisition utilities. I have seen these scripts developed in various scripting languages. Interestingly, they all tend to use many of the same freely available utilities to accomplish largely similar tasks.

The Challenges of Incident Response and How AChoir Helps

Incident Responders often invest several years, and considerable trial and error, in identifying a set of utilities (and their options) that reliably yield relevant information about useful forensic artifacts. While Responders frequently use the same utilities and tend to script them in similar ways, each one faces the same challenge of developing their own script in their (not so) favorite scripting language, working out how to gather the most valuable artifacts quickly and consistently. AChoir is a Framework/Scripting Tool designed to standardize and simplify this process.

Versions (So Far)

AChoir v0.01 First Version (05/30/15)
AChoir v0.02 Added Variables: &Dir &Fil &Acq &Win
AChoir v0.03 Added Hashing
AChoir v0.04 Introduced FOR:, &FOR, &NUM Looping
AChoir v0.05 Added CK
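The kind of hand-rolled live acquisition script the paragraph above describes, as an added example (this is PowerShell written for this page, not AChoir's own script syntax and not code from the AChoir project): a per-run acquisition directory that plays the role of AChoir's &Acq variable, a loop over a set of artifact sources, a log of what was and was not collected, and a SHA-256 manifest written last so it covers everything acquired. The artifact paths, the use of Get-NetTCPConnection (Windows 8 / Server 2012 and later), and the assumption that the script runs as an administrator are all assumptions made for the example.

```powershell
# Added example: a minimal live artifact acquisition script in PowerShell.
# Not AChoir script syntax; it shows the pattern AChoir standardizes:
# one acquisition directory per run, a list of artifact sources, a copy
# loop, a log, and a hash manifest. Paths and source list are assumptions.

param(
    # Root of this acquisition (the role &Acq plays in AChoir scripts)
    [string]$AcqRoot = (Join-Path $PWD ("ACQ-{0}-{1:yyyyMMdd-HHmmss}" -f $env:COMPUTERNAME, (Get-Date)))
)

$ErrorActionPreference = 'Continue'
New-Item -ItemType Directory -Path $AcqRoot -Force | Out-Null
$Log = Join-Path $AcqRoot 'acquisition.log'

function Write-Log {
    param([string]$Message)
    $line = '{0:u} {1}' -f (Get-Date), $Message
    Add-Content -Path $Log -Value $line
    Write-Host $line
}

# Artifact sources: class name -> file spec (assumed; extend per case)
$Artifacts = [ordered]@{
    'Prefetch'  = Join-Path $env:SystemRoot 'Prefetch\*.pf'
    'EventLogs' = Join-Path $env:SystemRoot 'System32\winevt\Logs\*.evtx'
    'Hosts'     = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
}

# Volatile state first: it changes while files are being copied
Write-Log "Acquisition started on $env:COMPUTERNAME as $env:USERNAME"
Get-Process | Select-Object Id, ProcessName, Path, StartTime |
    Export-Csv -Path (Join-Path $AcqRoot 'processes.csv') -NoTypeInformation
Get-NetTCPConnection |
    Select-Object LocalAddress, LocalPort, RemoteAddress, RemotePort, State, OwningProcess |
    Export-Csv -Path (Join-Path $AcqRoot 'tcp_connections.csv') -NoTypeInformation

# Copy loop: one sub-directory per artifact class
foreach ($name in $Artifacts.Keys) {
    $dest = Join-Path $AcqRoot $name
    New-Item -ItemType Directory -Path $dest -Force | Out-Null
    $files = @(Get-ChildItem -Path $Artifacts[$name] -File -Force -ErrorAction SilentlyContinue)
    Write-Log ("{0}: {1} file(s) matched {2}" -f $name, $files.Count, $Artifacts[$name])
    foreach ($f in $files) {
        try {
            Copy-Item -LiteralPath $f.FullName -Destination $dest -Force
        } catch {
            # A locked file may fail to copy; record it instead of aborting the run
            Write-Log ("{0}: copy failed for {1}: {2}" -f $name, $f.FullName, $_.Exception.Message)
        }
    }
}

Write-Log "Acquisition complete: $AcqRoot"

# Hash manifest of everything acquired, written last so it covers the log too
$Manifest = Join-Path $AcqRoot 'SHA256SUMS.txt'
Get-ChildItem -Path $AcqRoot -Recurse -File |
    Where-Object { $_.FullName -ne $Manifest } |
    Get-FileHash -Algorithm SHA256 |
    ForEach-Object { '{0}  {1}' -f $_.Hash, $_.Path.Substring($AcqRoot.Length + 1) } |
    Set-Content -Path $Manifest

Write-Host "Manifest written to $Manifest"
```

Run it from an elevated prompt, ideally from removable or network media so that the acquisition directory does not land on the volume being examined. The manifest is what lets a second responder (or a court) confirm that what was analysed is what was collected, which is why it is produced after every other write and excludes only itself.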